Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add self signed jwt support #1420

Merged
merged 2 commits into from Aug 16, 2021
Merged

feat: add self signed jwt support #1420

merged 2 commits into from Aug 16, 2021

Conversation

arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Jun 29, 2021

Add UseJwtAccessWithScope property to GoogleCredentialsProvider, which passes the property value to ServiceAccountCredentials to trigger self signed JWT.

This property will be set by GAPIC clients, example PR: arithmetic1728/java-kms#3

@google-cla google-cla bot added the cla: yes label Jun 29, 2021
@arithmetic1728 arithmetic1728 changed the title feat: add self signed jwt support [WIP] feat: add self signed jwt support Jul 21, 2021
@suztomo
Copy link
Member

@suztomo suztomo commented Jul 21, 2021

Jul 21, 2021 5:57:02 AM com.google.cloud.tools.dependencies.linkagemonitor.LinkageMonitor run
SEVERE: Newly introduced problem:
(com.google.auth:google-auth-library-oauth2-http:0.26.0) com.google.auth.oauth2.ServiceAccountCredentials's method createWithUseJwtAccessWithScope(boolean) is not found
  referenced from com.google.api.gax.core.GoogleCredentialsProvider (com.google.api:gax:1.67.1-SNAPSHOT)

com.google.auth:google-auth-library-oauth2-http:0.26.0 is at:
  com.google.auth:google-auth-library-oauth2-http:0.26.0 (compile)
  and 96 other dependency paths.
com.google.api:gax:1.67.1-SNAPSHOT is at:
  com.google.api:gax:1.67.1-SNAPSHOT (compile)
  and 2 other dependency paths.

Linkage Monitor checks linkage errors in the following step:

  • It creates a temporary BOM based on the latest release of libraries-bom (20.8.0). It modifies the version of gax with this 1.67.1-SNAPSHOT because this repository generates the artifacts.
    This doesn't modify google-auth-library-oauth2-http version, keeping version 0.26.0, because this repository doesn't have it.
  • It runs linkage checker for the class path generated from the temporary BOM
    The class path contains GAX 1.67.1-SNAPSHOT and google-auth-library-oauth2-http 0.26.0.

Because GAX 1.67.1-SNAPSHOT uses a new method in google-auth-library-oauth2-http 0.27.0. It's a new linkage error.

I'm thinking how to resolve this. (GoogleCloudPlatform/cloud-opensource-java#2137)

For now, it requires a new release of the shared dependencies BOM and the Libraries BOM before merging this change.

@arithmetic1728 arithmetic1728 marked this pull request as ready for review Jul 27, 2021
@arithmetic1728 arithmetic1728 requested review from as code owners Jul 27, 2021
@arithmetic1728 arithmetic1728 added the do not merge label Jul 27, 2021
@arithmetic1728
Copy link
Contributor Author

@arithmetic1728 arithmetic1728 commented Jul 27, 2021

Added do not merge while we are waiting for auth lib to be updated in library-bom

Copy link
Member

@TimurSadykov TimurSadykov left a comment

LGTM

@suztomo
Copy link
Member

@suztomo suztomo commented Aug 16, 2021

I just released a new version of the Libraries BOM that contains the auth library 1.0.0. It may take time (few hours) for Maven to show it as the latest version.

@arithmetic1728 arithmetic1728 removed the do not merge label Aug 16, 2021
@arithmetic1728 arithmetic1728 merged commit ed39c34 into master Aug 16, 2021
8 checks passed
@arithmetic1728 arithmetic1728 deleted the self_signed_jwt branch Aug 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants